name review description Review incoming PRs, agent-generated changes, or diffs. Structured review with security, correctness, performance, and maintainability checks. Triggers: "review", "review PR", "review changes", "code review", "review this PR", "review agent output", "check this diff". skill_api_version 1 context {"window":"fork","intent":{"mode":"task"},"sections":{"exclude":["HISTORY"]},"intel_scope":"topic"} metadata {"tier":"judgment","dependencies":["standards","council"]}
Review Skill
Quick Ref: /review <PR> reviews a PR, /review --diff reviews local changes, /review --agent <path> reviews agent output with extra scrutiny.
YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it.
This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use /vibe instead.
Modes
/review 42
/review https://github.com/o/r/pull/42
/review --diff
/review --diff --staged
/review --agent .agents/crank/
/review --agent ./output.patch
/review --deep 42
Execution Steps
Step 0: Detect Review Target and Load Standards
Determine the review mode from arguments:
PR mode (default): argument is a number or GitHub PR URL.
Diff mode : --diff flag present.
Agent mode : --agent <path> flag present.
Load language-specific conventions from /standards based on file extensions in the diff. If ao is available, pull prior review context:
ao lookup --query "code review patterns $(basename "$PWD " ) " --limit 3 2>/dev/null || true
Step 1: Fetch the Diff
PR Mode
gh pr view "$PR_REF " --json title,body,author,baseRefName,headRefName,labels,reviewDecision,commits
gh pr diff "$PR_REF "
gh pr diff "$PR_REF " --name-only
If the PR has more than 500 changed lines, prioritize: security-sensitive files, high-complexity changes, new files, then test files.
Diff Mode
git diff HEAD
git diff --cached
git diff HEAD --name-only
Agent Mode
find "$AGENT_PATH " -type f \( -name '*.go' -o -name '*.py' -o -name '*.ts' -o -name '*.sh' -o -name '*.md' \)
git apply --stat "$AGENT_PATH "
Step 2: Context Gathering
Understand the intent behind the changes before reviewing the code:
PR Mode: Read PR title/body, check linked issues (fixes #, closes #), read commit messages.
Diff Mode: Check git log --oneline -5, branch name, open issues via bd list --status open.
Agent Mode: Read execution logs in output directory, check .agents/rpi/ artifacts.
Output a one-line intent summary before proceeding:
INTENT: <what the change is trying to accomplish>
If intent is unclear, flag it: "PR description does not explain the purpose of this change."
Step 3: Systematic Review Pass (SCORED)
Review every changed file against the SCORED checklist. For each category, actively look for problems. Do not skim -- read each changed line.
S -- Security
C -- Correctness
Logic errors: off-by-one, wrong operator, inverted condition
Edge cases: nil/null handling, empty collections, boundary values
Error handling: errors checked, not swallowed, wrapped with context
Race conditions: shared mutable state, concurrent access patterns
Resource leaks: unclosed files, connections, goroutines, channels
Type safety: unchecked casts, implicit conversions, overflow potential
Contract compliance: does the change match the stated intent?
O -- Observability
R -- Readability
E -- Efficiency
D -- Design
Step 4: Agent-Specific Checks (--agent mode only)
When reviewing agent-generated code, apply additional scrutiny for common agent failure modes:
Hallucinated References
Over-Engineering
Missing Fundamentals
Test Quality
Codebase Consistency
Step 5: Generate Structured Review Output
Create a review artifact:
REVIEW_DIR=".agents/review"
mkdir -p "$REVIEW_DIR "
REVIEW_FILE="$REVIEW_DIR /$(date +%Y-%m-%d) -review-$(echo "$PR_REF " | tr '/' '-') .md"
Review Document Structure
# Review: <PR title or change description >
**Date:** YYYY-MM-DD | **Verdict:** APPROVE | REQUEST_CHANGES | COMMENT
**Target:** PR #N / local diff / agent output at <path >
## Intent
<one-line summary >
## SCORED Assessment
| Category | Rating | Notes |
|----------|--------|-------|
| Security | pass/warn/fail | ... |
| Correctness | pass/warn/fail | ... |
| Observability | pass/warn/fail | ... |
| Readability | pass/warn/fail | ... |
| Efficiency | pass/warn/fail | ... |
| Design | pass/warn/fail | ... |
## Findings
### Critical (must fix)
- **[file:line]** Issue. Suggested fix: ...
### Warning (should fix)
- **[file:line]** Issue. Suggested fix: ...
### Suggestion / Nit
- **[file:line]** Description.
## Missing
<expected but absent: tests , docs , error handling , migration >
Verdict Rules
APPROVE : No critical or warning findings. All SCORED categories pass.
REQUEST_CHANGES : Any critical finding, OR 3+ warnings, OR any SCORED category rated "fail".
COMMENT : 1-2 warnings with no critical findings. Worth discussing but not blocking.
PR Mode: Post Comments
If reviewing a PR and the verdict is REQUEST_CHANGES or COMMENT, offer to post the review:
gh pr review "$PR_REF " --comment --body "$(cat "$REVIEW_FILE " ) "
gh pr review "$PR_REF " --request-changes --body "$(cat "$REVIEW_FILE " ) "
Only post if the user confirms. Never auto-post a review without explicit approval.
Deep Mode (--deep)
When --deep is specified, after the initial SCORED pass, spawn a council for a second opinion:
/council validate "Review these changes for issues I might have missed: <summary of changes>"
Merge council findings into the review document under a "## Council Findings" section.
Integration with Other Skills
Skill Relationship /vibeSelf-review (your own code). /review is for others' code. /councilOptional second opinion via --deep flag. /standardsAuto-loaded for language-specific rules. /bug-hunt/review does a structured pass; /bug-hunt does deep investigation of suspected bugs./pr-validatePR-specific validation (isolation, scope creep). Complementary to /review.
See Also
vibe — Self-review and code quality validation
council — Multi-model consensus council
standards — Language-specific coding conventions
bug-hunt — Deep bug investigation
pr-validate — PR scope and isolation checks
Examples
Standard PR review
/review
Reviews current diff against main: correctness, security, performance, style.
Deep review with multi-model council
/review --deep
Same as standard but spawns council for adversarial second opinion on critical code.
Review a specific file
/review src/auth/middleware.go
Focused review of one file — useful for security-sensitive modules.
Extended review criteria and checklist: references/support.md
Troubleshooting
Problem Cause Fix Review misses context about a module File not in diff but critical to understand Pass --context-files src/auth/ to include adjacent files Council doesn't activate on --deep Runtime doesn't support subagent spawning Falls back to single-model review automatically; output notes degradation Review flagging false positives Standards loaded for wrong language Verify language detection at top of output; pass --lang go to force Diff too large for one review pass PR is too big Split the PR. /review works best on diffs under 500 LOC
Guardrails
Do not approve PRs with critical-severity SCORED findings unresolved
Scope review to the diff only; do not audit unrelated code
Preserve SCORED rubric order and do not skip categories
In --agent mode, flag hallucinated file references as critical findings